Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Malware & Threats

Catalan Chief Accuses Spain’s Intelligence Agency of Hacking

The head of Catalonia’s regional government is accusing Spain’s intelligence agency of conducting what he calls “massive political espionage” on the northeastern region’s independence movement and says that relations with Spain’s national authorities are “on hold” as a consequence.

The head of Catalonia’s regional government is accusing Spain’s intelligence agency of conducting what he calls “massive political espionage” on the northeastern region’s independence movement and says that relations with Spain’s national authorities are “on hold” as a consequence.

Pere Aragonès on Thursday shared examples of techniques used to infiltrate the phones of dozens of elected Catalan officials, activists, lawyers and others that he said led unequivocally to Spain’s National Intelligence Center, known as CNI in Spanish. The leftist leader said CNI has yet to deny having purchased controversial spyware from Israel’s NSO Group.

The NSO program named Pegasus silently infiltrates phones to harvest their data and potentially turns them into spying devices on their owners. For its installation, the user usually needs to follow a link within a targeted message, although a click is not required in all versions.

“We can be sure that it is CNI,” Aragonès told foreign correspondents in Madrid. “Because the level of information used to infiltrate the phones suggests that they had previous data of the innocents targeted that wasn’t known publicly” including flight numbers that they were going to take.

“It’s massive political espionage that, from our point of view, has a political motivation,” he said.

Citizen Lab, a cybersecurity research group affiliated with the University of Toronto, has revealed that at least 65 people, most of them directly linked to the Catalan separatist camp, were targeted with Pegasus or similar spyware sold only to government agencies to target criminals and terrorists.

[ Read: Citizen Lab Documents Israeli Surveillance Spyware Infections in Spain ]

Advertisement. Scroll to continue reading.

Almost all of the incidents occurred between 2017 and 2020, when efforts to carve out an independent state in northeastern Spain led to the country’s deepest political crisis in decades. The former Catalan Cabinet that pushed ahead with an illegal referendum on independence was sacked. Most of its members were imprisoned before they were eventually pardoned. Half a dozen people fled the country.

The Spanish government has not denied nor confirmed whether it uses Pegasus or other hard-to-detect spyware. Defense Minister Margarita Robles on Wednesday said that laws protecting state secrets prevent the agency from disclosing details on the activities of the country’s intelligence services.

“We cannot sow suspicion about an organization that cannot defend itself,” Robles told Spanish state broadcaster, TVE, adding that CNI’s actions fall under the oversight of judges.

Aragonès, whose device was among those infiltrated, according to Citizen Lab, said his leftist party’s crucial support for Socialist Prime Minister Pedro Sánchez’s left-to-center national coalition and the ongoing negotiations about the future of the wealthy Catalan region can’t continue unless the Spanish government launches a full investigation and purges those responsible for the hacking.

If the targeted espionage by CNI is confirmed, Aragonès said the responsibility within Sánchez’s administration “will be based on who knew, who authorized these actions or who didn’t.”

“And when I speak of responsibility, I mean that we’ll need to see resignations,” he told The Associated Press.

Rounds of talks between the central government in Madrid and Catalan regional authorities have yielded some progress in solving some of the separatists’ long-term grievances but have not resolved the fundamental issues of Catalonia’s status within Spain.

Polling and recent elections show that the percent of Catalans who support independence grew since last decade’s financial crisis but have since then remained divided, with majorities fluctuating recently between those in favor or against breaking away from Spain.

Related: Secretive Israeli Exploit Company Behind Wave of Zero-Day Exploits

Related: Microsoft Patches 128 Windows Flaws, New Zero-Day Reported by NSA

Related: Microsoft Patches 3 Under-Attack Windows Zero-Days

Related: Google Confirms Sixth Zero-Day Chrome Attack in 2021

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...